← HeatShield Docs

ModSecurity

What Is ModSecurity?

ModSecurity is the world's most popular Web Application Firewall (WAF). A WAF is a system that analyzes HTTP requests against various rules to determine if the request is malicious.

History of ModSecurity

ModSecurity was originally created and developed by Ivan Ristić, a security expert who is also the founder of SSL Labs and a Technical Advisory Board Member of Let's Encrypt.

How ModSecurity Works

The fundamental idea behind ModSecurity is to inspect the content of a request, determine if the request appears to be malicious, and block the request if it is.

ModSecurity Rules and Rule Sets

As ModSecurity is only the engine itself, it requires rules to be useful. These rules are instructions about what to look for in requests and what to do if a request matches a rule.

ModSecurity Alternative

Maintaining ModSecurity for Apache or Nginx can be time consuming, frustrating, and error-prone. As a result, some people may stop using ModSecurity altogether and leave their WordPress sites exposed to attacks.

Advanced security for your WordPress sites